LuKreme wrote:
> I have the following:
> 
> main.cf in smtpd_recipient_restrictions:
>   check_helo_access pcre:$config_directory/helo_checks.pcre,
> 
> in helo_checks.pcre:
> /(lan|home|example|local)$/                 REJECT Mailserver name in
> private namespace
> 
> but in logs:
> May 23 14:48:17 mail postfix/smtpd[30899]: NOQUEUE: warn: RCPT from
> 201-88-100-143.gnace704.dsl.brasiltelecom.net.br[201.88.100.143]:
> Dynamic DSL looking address; from=<subsidize...@maww.com>
> to=<consorti...@domain3.example> proto=ESMTP helo=<speedtouch.lan>
> 

Note that the IP is listed in zen (PBL and XBL via CBL), spamcop,
Barracuda, ...

> OK? But the line with that reject notice is in check_client_fqdn.pcre,
> which is AFTER check_helo_access
> 
> /\.(dsl|\d+dsl|dsl\d+)\./                     REJECT Dynamic DSL looking
> address
> 
> from postconf -n:
> smtpd_recipient_restrictions = reject_non_fqdn_sender,
> reject_non_fqdn_recipient, reject_unknown_sender_domain,

Better move this one later in the chain. It is an expensive check.

> reject_invalid_hostname, permit_mynetworks, check_client_access
> hash:$config_directory/pbs,

I guess this is "Pop Before Smtp".

> permit_sasl_authenticated,
> reject_unauth_destination, reject_unlisted_sender,

You should also add reject_unlisted_recipient to get rid of bad
recipients soon.

> check_client_access
> cidr:/var/db/dnswl/postfix-dnswl-permit check_helo_access
> pcre:$config_directory/helo_checks.pcre,  check_sender_access
> pcre:$config_directory/sender_access.pcre, check_client_access
> pcre:$config_directory/check_client_fqdn.pcre, check_recipient_access
> pcre:$config_directory/recipient_checks.pcre, check_client_access
> hash:$config_directory/access, reject_rbl_client zen.spamhaus.org, permit
> 
> shouldn't that helo from .lan be hitting the helo restriction before it
> even gets to the fqdn lookup?

Did you reload postfix after changing the pcre map? If not, you'll need
to wait until it is loaded by a new child.

Anyway, use postmap -q to check your maps.

> Or hitting the reject_non_fqdn_sender?

The sender is fqdn (maww.com is fqdn).

> Why's it falling all the way to check_client_fqdn.pcre?
> 
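
An offline counterpart to the `postmap -q` check suggested above, as an added example that is not part of the original thread: it parses the two table entries quoted in the post and looks up the HELO name and client hostname from the log line, first match wins. Assumptions: Python's `re` stands in for PCRE (equivalent for these two patterns), only the `i` flag is handled, and `load_table` and `lookup` are hypothetical helper names.

```python
import re

# Entries copied from the post; Postfix pcre tables use "/pattern/flags action".
HELO_CHECKS = "/(lan|home|example|local)$/  REJECT Mailserver name in private namespace\n"
CLIENT_FQDN = r"/\.(dsl|\d+dsl|dsl\d+)\./  REJECT Dynamic DSL looking address" + "\n"

# One logical table line: delimited pattern, optional flags, then the action text.
ENTRY = re.compile(r"^/(?P<pat>(?:\\.|[^/\\])*)/(?P<flags>[a-zA-Z]*)\s+(?P<action>.+)$")

def load_table(text):
    """Parse pcre-table text into an ordered list of (compiled pattern, action)."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if line[0].isspace() and rules:
            # A line starting with whitespace continues the previous logical line.
            pattern, action = rules[-1]
            rules[-1] = (pattern, action + " " + line.strip())
            continue
        m = ENTRY.match(line)
        if m is None:
            raise ValueError("unparseable table line: %r" % line)
        # Postfix pcre tables match case-insensitively by default; "i" toggles that.
        flags = 0 if "i" in m["flags"] else re.IGNORECASE
        rules.append((re.compile(m["pat"], flags), m["action"].strip()))
    return rules

def lookup(rules, key):
    """Return the action of the first matching rule, or None if nothing matches."""
    for pattern, action in rules:
        if pattern.search(key):
            return action
    return None

if __name__ == "__main__":
    # Values taken from the log line quoted in the post.
    helo = "speedtouch.lan"
    client = "201-88-100-143.gnace704.dsl.brasiltelecom.net.br"
    print("helo_checks.pcre      :", lookup(load_table(HELO_CHECKS), helo))
    print("check_client_fqdn.pcre:", lookup(load_table(CLIENT_FQDN), client))
```

Both lookups return a REJECT action here, so the table entries as quoted do match the logged values; the live equivalent is `postmap -q speedtouch.lan pcre:$config_directory/helo_checks.pcre` with `$config_directory` replaced by the real path.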
